[18810] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Symmetric ciphers as hash functions

daemon@ATHENA.MIT.EDU (James Muir)
Mon Oct 31 12:44:54 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 31 Oct 2005 11:43:45 -0500
From: James Muir <jamuir@scs.carleton.ca>
To: cryptography@metzdowd.com
In-Reply-To: <4365B8CE.9040505@partow.net>

Tom Shrimpton (http://www.cs.pdx.edu/~teshrim/) does research in this 
area (ie. using block ciphers to build hash functions).  See the papers 
on his web site; in particular:

Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions 
from PGV [pdf] [ps]
John Black, Phillip Rogaway, and Thomas Shrimpton

-James

Arash Partow wrote:
> Hi all,
> 
> How does one properly use a symmetric cipher as a cryptographic hash
> function? I seem to be going around in circles.
> 
> Initially I thought you choose some known key and encrypt the data
> with the key, using either the encrypted text or the internal state of
> the cipher as the hash value, turns out all one needs to do to break
> it, is decrypt the hash value with the "known" key and you get a value
> which will produce the same hash value.
> 
> Reversing the situation (using the data as the key and a known plain-
> text) makes a plaintext attack seem like a joy etc..
> 
> Are there any papers/books/etc that explain the implementation/use of
> symmetric ciphers (particularly AES) as cryptographic hash functions?
> 
> btw I know that hash functions and symmetric ciphers share the same
> structural heritage (feistel rounds etc...), I just don't seem to be
> making the usage link at this point in time... :D
> 
> Any help would be very much appreciated.
> 
> 
> 
> Kind regards
> 
> 
> Arash Partow
> ________________________________________________________
> Be one who knows what they don't know,
> Instead of being one who knows not what they don't know,
> Thinking they know everything about all things.
> http://www.partow.net
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
home help back first fref pref prev next nref lref last post